<!DOCTYPE html>



  


<html class="theme-next pisces use-motion" lang="zh-Hans">
<head><meta name="generator" content="Hexo 3.8.0">
  <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="theme-color" content="#222">



  
  
    
    
  <script src="/lib/pace/pace.min.js?v=1.0.2"></script>
  <link href="/lib/pace/pace-theme-minimal.min.css?v=1.0.2" rel="stylesheet">







<meta http-equiv="Cache-Control" content="no-transform">
<meta http-equiv="Cache-Control" content="no-siteapp">



  <meta name="google-site-verification" content="SOqsL8PexCDMo8ubmGTRngo5fAy0r6255DCMfRC5Bzg">














  
  
  <link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css">




  
  
  
  

  
    
    
  

  

  

  

  

  
    
    
    <link href="//fonts.googleapis.com/css?family=Lato:300,300italic,400,400italic,700,700italic&subset=latin,latin-ext" rel="stylesheet" type="text/css">
  






<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css">

<link href="/css/main.css?v=5.1.2" rel="stylesheet" type="text/css">


  <meta name="keywords" content="运维,">








  <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico?v=5.1.2">






<meta name="description" content="用阿里云国内机房的主机有个『小问题』，备案。下面说的，一种情况是没有备案，另外一种情况是备案中，但是业务急于对外发布，等不及以周为单位的备案进程。 访问绑定到阿里云 ECS 上的、没有备案的域名，阿里云机房会劫持你的 http（80 端口）上行流量，无视你实际的返回内容，将之篡改成一个页面 title 为『TestPage』的温馨提示（如下图）。  而一台不能提供 http 服务的阿里云 ECS">
<meta name="keywords" content="运维">
<meta property="og:type" content="article">
<meta property="og:title" content="阿里云未备案云主机申请 letsencrypt ssl 证书">
<meta property="og:url" content="http://i.am.simonkuang.com/post/apply-http-ssl-cert-file-from-a-non-beian-aliyun-ecs/index.html">
<meta property="og:site_name" content="旷{&lt;i&gt;氏&lt;&#x2F;i&gt; }淇元">
<meta property="og:description" content="用阿里云国内机房的主机有个『小问题』，备案。下面说的，一种情况是没有备案，另外一种情况是备案中，但是业务急于对外发布，等不及以周为单位的备案进程。 访问绑定到阿里云 ECS 上的、没有备案的域名，阿里云机房会劫持你的 http（80 端口）上行流量，无视你实际的返回内容，将之篡改成一个页面 title 为『TestPage』的温馨提示（如下图）。  而一台不能提供 http 服务的阿里云 ECS">
<meta property="og:locale" content="zh-Hans">
<meta property="og:image" content="http://i.am.simonkuang.com/post/apply-http-ssl-cert-file-from-a-non-beian-aliyun-ecs/TestPage.png">
<meta property="og:updated_time" content="2019-02-27T15:05:57.025Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="阿里云未备案云主机申请 letsencrypt ssl 证书">
<meta name="twitter:description" content="用阿里云国内机房的主机有个『小问题』，备案。下面说的，一种情况是没有备案，另外一种情况是备案中，但是业务急于对外发布，等不及以周为单位的备案进程。 访问绑定到阿里云 ECS 上的、没有备案的域名，阿里云机房会劫持你的 http（80 端口）上行流量，无视你实际的返回内容，将之篡改成一个页面 title 为『TestPage』的温馨提示（如下图）。  而一台不能提供 http 服务的阿里云 ECS">
<meta name="twitter:image" content="http://i.am.simonkuang.com/post/apply-http-ssl-cert-file-from-a-non-beian-aliyun-ecs/TestPage.png">



<script type="text/javascript" id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Pisces',
    version: '5.1.2',
    sidebar: {"position":"right","display":"post","offset":12,"offset_float":12,"b2t":false,"scrollpercent":false,"onmobile":false},
    fancybox: true,
    tabs: true,
    motion: true,
    duoshuo: {
      userId: '0',
      author: '博主'
    },
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>



  <link rel="canonical" href="http://i.am.simonkuang.com/post/apply-http-ssl-cert-file-from-a-non-beian-aliyun-ecs/">





  <title>阿里云未备案云主机申请 letsencrypt ssl 证书 | 旷{<i>氏</i> }淇元</title>
  




<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
            (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
          m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
  ga('create', 'UA-45245769-1', 'auto');
  ga('send', 'pageview');
</script>





</head>

<body itemscope="" itemtype="http://schema.org/WebPage" lang="zh-Hans">

  
  
    
  

  <div class="container sidebar-position-right page-post-detail">
    <div class="headband"></div>

    <header id="header" class="header" itemscope="" itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-wrapper">
  <div class="site-meta ">
    

    <div class="custom-logo-site-title">
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">旷{<i>氏</i> }淇元</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
      
        <p class="site-subtitle"></p>
      
  </div>

  <div class="site-nav-toggle">
    <button>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-home"></i> <br>
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-about">
          <a href="/about/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-user"></i> <br>
            
            关于
          </a>
        </li>
      
        
        <li class="menu-item menu-item-tags">
          <a href="/tags/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-tags"></i> <br>
            
            标签
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/archives/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-archive"></i> <br>
            
            归档
          </a>
        </li>
      

      
    </ul>
  

  
</nav>



 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  <article class="post post-type-normal" itemscope="" itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block">
    <link itemprop="mainEntityOfPage" href="http://i.am.simonkuang.com/post/apply-http-ssl-cert-file-from-a-non-beian-aliyun-ecs/">

    <span hidden itemprop="author" itemscope="" itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Simon Kuang">
      <meta itemprop="description" content="">
      <meta itemprop="image" content="http://upload.jianshu.io/users/upload_avatars/69775/1a6d1438fd5d.jpg?imageMogr/thumbnail/90x90/quality/100">
    </span>

    <span hidden itemprop="publisher" itemscope="" itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="旷{<i>氏</i> }淇元">
    </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">阿里云未备案云主机申请 letsencrypt ssl 证书</h1>
        

        <div class="post-meta">
          <span class="post-time">
            
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              
                <span class="post-meta-item-text">发表于</span>
              
              <time title="创建于" itemprop="dateCreated datePublished" datetime="2017-07-31T00:34:22+08:00">
                2017-07-31
              </time>
            

            

            
          </span>

          

          
            
              <span class="post-comments-count">
                <span class="post-meta-divider">|</span>
                <span class="post-meta-item-icon">
                  <i class="fa fa-comment-o"></i>
                </span>
                <a href="/post/apply-http-ssl-cert-file-from-a-non-beian-aliyun-ecs/#comments" itemprop="discussionUrl">
                  <span class="post-comments-count disqus-comment-count" data-disqus-identifier="post/apply-http-ssl-cert-file-from-a-non-beian-aliyun-ecs/" itemprop="commentCount"></span>
                </a>
              </span>
            
          

          
          

          

          

          

        </div>
      </header>
    

    
    
    
    <div class="post-body" itemprop="articleBody">

      
      

      
        <link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/KaTeX/0.5.1/katex.min.css"><p>用阿里云国内机房的主机有个『小问题』，备案。下面说的，一种情况是没有备案，另外一种情况是备案中，但是业务急于对外发布，等不及以周为单位的备案进程。</p>
<p>访问绑定到阿里云 ECS 上的、没有备案的域名，阿里云机房会劫持你的 http（80 端口）上行流量，无视你实际的返回内容，将之篡改成一个页面 title 为『TestPage』的<em>温馨提示</em>（如下图）。</p>
<p><img src="./TestPage.png" alt="TestPage Screenshot"></p>
<p>而一台不能提供 http 服务的阿里云 ECS 不是真正的服务器。解决这个问题的办法，将 http 换到 https 就可以了。</p>
<h2><span id="https-选哪家">https 选哪家</span></h2><p>总所周知，自从 WoSign 被我大天朝数字公司收购之后，颇多周折，<a href="https://www.sslchina.com/chrome-final-removal-of-trust-in-wosign/" target="_blank" rel="noopener">跟同袍兄弟 StarSSL 一起被业界良心 chrome 拉黑</a>。现在使用 WoSign 签发的 ssl 证书会被 chrome 直接判定为证书无效。</p>
<p>最近连商务范儿最重的 <a href="http://www.cnbeta.com/articles/soft/636841.htm" target="_blank" rel="noopener">Symantec 都被 chrome 一再警告之后拉黑</a>。除了认为 chrome 真任性之外，也提醒我们选择 ssl 服务商时一定要慎重。</p>
<p>目前来看，从个人到中小企业，<strong>最佳选择是 google 投资的 <a href="https://letsencrypt.org/" target="_blank" rel="noopener">Let’s Encrypt</a></strong>。运用 ACME 协议自动签发、自动续期，技术宅最爱，不是技术宅也有现成工具简单操作即可。</p>
<h2><span id="怎么生成-http-ssl-证书">怎么生成 http ssl 证书</span></h2><p>首先注明，申请 Let’s Encrypt 家的 http ssl 证书，不需要提前准备啥资料，不需要书面申请，这跟国内的『管理』方法不一样。你只需要证明这个域名归你所有，http ssl 的证书就可以签发给你使用。但是为了防止域名到期易主、中途转让等等原因，发生域名新主人拿不到 http ssl 证书的情况，所以 <strong>Let’s Encrypt 规定了每次签发的 http ssl 证书有效期只有三个月，证书生成一个月之后可以免费重签/续期，不用等到临近有效期再续签</strong>。</p>
<p>Let’s Encrypt 验证域名的归属有两个办法，用过 Google Analytics，和用 G Suite 绑定过域名的朋友应该比较熟悉了。</p>
<ol>
<li>网站验证。给你一个随机内容的文件，你把这个文件放在一个特定的位置，用待绑定的域名 + 特定 path 可以访问到这个文件，可以认为域名是你的；</li>
<li>DNS 验证。给你一个随机字符串，你把这个字符串添加为待绑定域名某个 name 的 txt 值，只要能通过公网上的 DNS 服务器解析到这个字串，认为域名是你的。</li>
</ol>
<p>很简单吧。</p>
<p>在阿里云 ECS 未备案的情况下，第一种办法是不可行的，chanlledge 必须是用过 http 协议进行的（你是来申请 https 证书的，假设你还没有 https 服务，这完全正常，只能用 http 来 chanlledge），而你的 http 服务被阿里云劫持了，所以你才要申请 http ssl 证书。…… 这就是个死循环。</p>
<p>第二种办法可行，它的具体步骤如下。</p>
<h2><span id="具体操作">具体操作</span></h2><blockquote>
<p>我先把要注意的事项写下来，免得走弯路。<br>嗯，其实就一条：使用 <code>pip install certbot</code> 命令安装 certbot，不要用 yum/dnf/apt/pkg/apk 等包管理工具安装。</p>
</blockquote>
<h3><span id="第一步安装-certbot">第一步，安装 certbot</span></h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">pip install --upgrade certbot</span><br></pre></td></tr></table></figure>
<p>如果已经通过包管理工具安装过 certbot，那么先卸载。假设在 CentOS 上，包管理工具是 dnf。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">dnf remove -y certbot</span><br></pre></td></tr></table></figure>
<p>包管理工具安装的 certbot，其某些依赖包对应的版本比较低，存在兼容性问题，安装之后根本用不了。最好是用 pip 安装。</p>
<h3><span id="第二步提出签发-http-ssl-申请">第二步，提出签发 http ssl 申请</span></h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">certbot --text --agree-tos --email &lt;your@email.com&gt; -d &lt;your.domain.com&gt; --manual --preferred-challenges dns --expand --renew-by-default  --manual-public-ip-logging-ok certonly</span><br></pre></td></tr></table></figure>
<p>注意，这时候会出现类似下面的内容。</p>
<blockquote>
<p>Please deploy a DNS TXT record under the name<br>_acme-challenge.bristol3.pki.enigmabridge.com with the following value:</p>
<p>667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc</p>
<p>Once this is deployed,<br>Press ENTER to continue</p>
</blockquote>
<p>上面的内容意思是：</p>
<ol>
<li>背景：假设你申请 http ssl 的域名是 <code>bristol3.pki.enigmabridge.com</code>，你对这个域名有管理权；</li>
<li>在上述域名下，设置名为 <code>_acme-challenge</code> 的 <strong>txt</strong> 类型的记录，值为 <code>667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc</code>；</li>
<li>如果上述记录是新建的，那么等待大约半分钟，回到命令行，点击<strong>回车</strong>继续。</li>
</ol>
<h3><span id="第三步获取-http-ssl-证书">第三步，获取 http ssl 证书</span></h3><p>完成之后，在 <code>/etc/letsencrypt/live/&lt;your.domain.com&gt;</code> 目录下，有这么几个文件。</p>
<ul>
<li><code>privkey.pem</code> 证书的私钥；</li>
<li><code>fullchain.pem</code> 带完整认证链的证书。注意，说是 fullchain，其实 CA 是 letsencrypt 自家的 CA，在某些老的操作浏览器上仍然有 bug；</li>
<li><code>chain.pem</code> README 上面说法是给 nginx stapling 用的，其实里面就是 letencrypt CA 的证书；</li>
<li><code>cert.pem</code> 域名的 http ssl 证书公钥。</li>
</ul>
<h3><span id="第四步安装">第四步，安装</span></h3><p>以 nginx 为例。（别问我为什么是 nginx，我最熟悉它，懒，你懂）</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"># 只贴出关于 ssl 的部分，其余部分就不贴了。</span><br><span class="line">ssl on;</span><br><span class="line">ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem;</span><br><span class="line">ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem;</span><br><span class="line">#  ssl_trusted_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem;</span><br><span class="line">ssl_trusted_certificate ssl/letsencrypt_full_chained.pem;</span><br><span class="line">ssl_stapling on;</span><br><span class="line">ssl_stapling_verify on;</span><br><span class="line">ssl_session_timeout 5m;</span><br><span class="line">ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</span><br><span class="line">ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT56:!EXP;</span><br><span class="line">ssl_session_cache shared:SSL:50m;</span><br><span class="line">ssl_dhparam ssl/dhparams.pem;</span><br><span class="line">ssl_prefer_server_ciphers on;</span><br></pre></td></tr></table></figure>
<p>其中，<code>ssl/letsencrypt_full_chained.pem</code> 是让 ISRG ROOT X1 给 letsencrypt X3 做一个交叉认证的认证链，这是 CA 之间经常使用的一种提高自身兼容性的办法。这个交叉认证证书用如下办法生成。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">curl -Lo <span class="string">"<span class="variable">$&#123;HOME&#125;</span>/lets-encrypt-x3-cross-signed.pem"</span> \</span><br><span class="line">    <span class="string">"https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"</span></span><br><span class="line">curl -Lo <span class="string">"<span class="variable">$&#123;HOME&#125;</span>/isrgrootx1.pem"</span> \</span><br><span class="line">    <span class="string">"https://letsencrypt.org/certs/isrgrootx1.pem"</span></span><br><span class="line"></span><br><span class="line">sed -i <span class="string">'s@\s*$@@g'</span> <span class="string">"<span class="variable">$&#123;HOME&#125;</span>/isrgrootx1.pem"</span>   <span class="comment"># trip the carrige at the end of every line.</span></span><br><span class="line">cat <span class="variable">$&#123;HOME&#125;</span>/lets-encrypt-x3-cross-signed.pem <span class="variable">$&#123;HOME&#125;</span>/isrgrootx1.pem &gt; \</span><br><span class="line">    letsencrypt_full_chained.pem</span><br></pre></td></tr></table></figure>
<blockquote>
<p>PS: 上面的命令简单粗暴，原因是假设 certbot 生成的 fullchain.pem 里面有以下的规则。</p>
<ol>
<li>域名 http ssl 都是由 letsencrypt CA 直接认证的，没有中间的 issuer；</li>
<li>签发证书的 letsencrypt CA 是 lets-encrypt-x3。</li>
</ol>
<p>所以，当上面的配置出现错误时，快糙猛的办法是屏蔽掉『ssl_trusted_certificate』这行。<br>毕竟，在功能性面前，兼容性算个逑。</p>
</blockquote>
<p><code>ssl/dhparams.pem</code> 由以下命令生成。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">openssl dhparam -out dhparam.pem 2048</span><br></pre></td></tr></table></figure>
<p>配置完成之后，reload nginx 即可。</p>
<p>自此，阿里云 ECS 终于可以通过 https 协议访问了。舒心啦。</p>

      
    </div>
    
    
    

    

    

    

    <footer class="post-footer">
      
        <div class="post-tags">
          
            <a href="/tags/运维/" rel="tag"># 运维</a>
          
        </div>
      

      
      
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/post/check-in-app-accessing-with-openresty/" rel="next" title="用 openresty 来做 app api 接口的验真">
                <i class="fa fa-chevron-left"></i> 用 openresty 来做 app api 接口的验真
              </a>
            
          </div>

          <span class="post-nav-divider"></span>

          <div class="post-nav-prev post-nav-item">
            
              <a href="/post/all-the-ssl-providers-controlled-by-qihoo-are-loser-now/" rel="prev" title="数字公司旗下的 SSL 服务商好像被 block 完了">
                数字公司旗下的 SSL 服务商好像被 block 完了 <i class="fa fa-chevron-right"></i>
              </a>
            
          </div>
        </div>
      

      
      
    </footer>
  </div>
  
  
  
  </article>



    <div class="post-spread">
      
    </div>
  </div>


          </div>
          


          
  <div class="comments" id="comments">
    
      <div id="disqus_thread">
        <noscript>
          Please enable JavaScript to view the
          <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a>
        </noscript>
      </div>
    
  </div>


        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope="" itemtype="http://schema.org/Person">
          <img class="site-author-image" itemprop="image" src="http://upload.jianshu.io/users/upload_avatars/69775/1a6d1438fd5d.jpg?imageMogr/thumbnail/90x90/quality/100" alt="Simon Kuang">
          <p class="site-author-name" itemprop="name">Simon Kuang</p>
           
              <p class="site-description motion-element" itemprop="description"></p>
          
        </div>
        <nav class="site-state motion-element">

          
            <div class="site-state-item site-state-posts">
            
              <a href="/archives/">
            
                <span class="site-state-item-count">42</span>
                <span class="site-state-item-name">日志</span>
              </a>
            </div>
          

          

          
            
            
            <div class="site-state-item site-state-tags">
              <a href="/tags/index.html">
                <span class="site-state-item-count">16</span>
                <span class="site-state-item-name">标签</span>
              </a>
            </div>
          

        </nav>

        

        <div class="links-of-author motion-element">
          
            
              <span class="links-of-author-item">
                <a href="https://github.com/simonkuang || github" target="_blank" title="GitHub">
                  
                    <i class="fa fa-fw fa-github"></i>
                  
                    
                      GitHub
                    
                </a>
              </span>
            
          
        </div>

        
        

        
        
          <div class="links-of-blogroll motion-element links-of-blogroll-inline">
            <div class="links-of-blogroll-title">
              <i class="fa  fa-fw fa-globe"></i>
              友情链
            </div>
            <ul class="links-of-blogroll-list">
              
                <li class="links-of-blogroll-item">
                  <a href="http://www.laruence.com/" title="Laruence" target="_blank">Laruence</a>
                </li>
              
                <li class="links-of-blogroll-item">
                  <a href="http://openresty.org/download/agentzh-nginx-tutorials-zhcn.html" title="agentzh的Nginx教程" target="_blank">agentzh的Nginx教程</a>
                </li>
              
                <li class="links-of-blogroll-item">
                  <a href="http://danielkummer.github.io/git-flow-cheatsheet/index.zh_CN.html" title="gitflow-cheatsheet" target="_blank">gitflow-cheatsheet</a>
                </li>
              
                <li class="links-of-blogroll-item">
                  <a href="http://my.oschina.net/yilian/blog/664632" title="TensorFlow入门教程" target="_blank">TensorFlow入门教程</a>
                </li>
              
            </ul>
          </div>
        

        


      </section>

      
      <!--noindex-->
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">

            
              
            

            
              <div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#undefined"><span class="nav-number">1.</span> <span class="nav-text">https 选哪家</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#undefined"><span class="nav-number">2.</span> <span class="nav-text">怎么生成 http ssl 证书</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#undefined"><span class="nav-number">3.</span> <span class="nav-text">具体操作</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#undefined"><span class="nav-number">3.1.</span> <span class="nav-text">第一步，安装 certbot</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#undefined"><span class="nav-number">3.2.</span> <span class="nav-text">第二步，提出签发 http ssl 申请</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#undefined"><span class="nav-number">3.3.</span> <span class="nav-text">第三步，获取 http ssl 证书</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#undefined"><span class="nav-number">3.4.</span> <span class="nav-text">第四步，安装</span></a></li></ol></li></ol></div>
            

          </div>
        </section>
      <!--/noindex-->
      

      

    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">
  
  &copy;  2005 &mdash; 
  <span itemprop="copyrightYear">2019</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">Simon Kuang</span>

  
</div>


<script src="https://unpkg.com/mermaid@8.0.0/dist/mermaid.min.js"></script>
<script>
  if (window.mermaid) {
    mermaid.initialize({"startOnload":true});
  }
</script>



  <div class="powered-by">由 <a class="theme-link" href="https://hexo.io">Hexo</a> 强力驱动</div>

  <span class="post-meta-divider">|</span>

  <div class="theme-info">主题 &mdash; <a class="theme-link" href="https://github.com/iissnan/hexo-theme-next">NexT.Pisces</a> v5.1.2</div>


        




  <script type="text/javascript">
    (function() {
      var hm = document.createElement("script");
      hm.src = "//tajs.qq.com/stats?sId=56218002";
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(hm, s);
    })();
  </script>




        
      </div>
    </footer>

    
      <div class="back-to-top">
        <i class="fa fa-arrow-up"></i>
        
      </div>
    

  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  












  
  <script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script>

  
  <script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>

  
  <script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>

  
  <script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script>

  
  <script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>

  
  <script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>


  


  <script type="text/javascript" src="/js/src/utils.js?v=5.1.2"></script>

  <script type="text/javascript" src="/js/src/motion.js?v=5.1.2"></script>



  
  


  <script type="text/javascript" src="/js/src/affix.js?v=5.1.2"></script>

  <script type="text/javascript" src="/js/src/schemes/pisces.js?v=5.1.2"></script>



  
  <script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.2"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.1.2"></script>



  


  <script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.2"></script>



  


  

    
      <script id="dsq-count-scr" src="https://kuangqiyuan.disqus.com/count.js" async></script>
    

    
      <script type="text/javascript">
        var disqus_config = function () {
          this.page.url = 'http://i.am.simonkuang.com/post/apply-http-ssl-cert-file-from-a-non-beian-aliyun-ecs/';
          this.page.identifier = 'post/apply-http-ssl-cert-file-from-a-non-beian-aliyun-ecs/';
          this.page.title = '阿里云未备案云主机申请 letsencrypt ssl 证书';
        };
        var d = document, s = d.createElement('script');
        s.src = 'https://kuangqiyuan.disqus.com/embed.js';
        s.setAttribute('data-timestamp', '' + +new Date());
        (d.head || d.body).appendChild(s);
      </script>
    

  




	





  












  





  

  

  

  

  

  

</body>
</html>
